Application Serial No. 09/981,608 - Filed October 16, 2001 



REMARKS 

Claims 1-6, 9-15, 17-23, 25-31, and 34 were pending. No claims have been 
added, cancelled, or amended. Accordingly, claims 1-6, 9-15, 17-23, 25-31, and 34 
remain pending. 

35 U.S.C. § 103 rejections 

Claims 1-6, 9-15, 17-23, 25-31, and 34 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over U.S. Patent No. 5,265,221 (hereinafter "Miller") and U.S. patent 
6,772,350 (hereinafter "Belani"). Applicant respectfully traverses these rejections and 
requests reconsideration in view of the following discussion. 

In the present Office Action, the Examiner has generally repeated the same 
rejections made previously. In the prior Response, Applicant generally only added 
definitions from the Description to claim terms already recited in the claims. For 
example, the recited UCS was simply amended to add the claim language "wherein for a 
given user and associated UCS, a given community is a member of the UCS if the given 
user is a member of the given community" which is a definition of the term taken from 
the Description. This meaning for the term, and the other terms, has been maintained and 
argued throughout prosecution. In the present Office Action, the Examiner has generally 
not produced further arguments regarding the features. The present rejections and 
citations for those claim features preceding the previous amendment are identical to the 
previous rejections. Applicant has already traversed those rejections and maintains the 
traversals. For purposes of economy, Applicant reiterates and incorporates by reference 
in their entirety all previous arguments made in the response to the Office Action of May 
17, 2007, Pre-Appeal Brief Request for Review, and Appeal Brief. 

In paragraph 15 of the present Office Action, the Examiner cites Miller col. 2, 
lines 32-52, and generally suggests the features disclosed therein are equivalent to the 
recited features "wherein said CIB includes: a user community set (UCS) for each user of 
said MCN." However, Applicant disagrees and submits the cited disclosure of Miller is 
not equivalent to the features of the presently claimed invention. In contrast, Miller 
merely discloses access control mechanisms based on stored user attributes. More 
specifically, Miller discloses: 



"A still further object of the invention is to provide an access control 
mechanism . . . using customer-supplied attributes of users and objects, as 
well as customer-defined verbs. 

According to the present invention, as embodied and broadly described 
herein, an access control mechanism using a processor is provided for 
specifying access control policies to entities, comprising subject means, 
verb means, object means, definition means, rule means and evaluation 
means. The processor may be embodied as a microprocessor and memory, 
or computer using software. The subject means stores user information in 
a matrix having information for each user on each row, and user attributes 
pertaining to the specific user in each field (column)." (Miller, col. 2, lines 
32-52). 

As may be seen from the above, Miller describes storing user attributes in a 
matrix. However, Miller's disclosures are not equivalent to the recited UCS "wherein for 
a given user and associated UCS, a given community is a member of the UCS if the given 
user is a member of the given community," as is recited in claim 1. Applicant submits a 
table of user attributes is not equivalent to a user community set (UCS) or a community 
set at all. Nor are the disclosures of Miller equivalent to an application community set or 
object community set, as recited. For at least these reasons, Applicant submits claim 1 is 
patentably distinct from the cited art. Likewise, as each of dependent claims 2-6, 9, 11- 
15, 17, 19-23, 25, 27-31, and 34 includes at least the features of the above independent 
claims upon which it depends, each of dependent claims 2-6, 9, 11-15, 17, 19-23, 25, 27- 
31, and 34 is believed patentable as well. 

The Examiner further suggests in paragraph 15 that a "processing unit configured 
to . . . permit access to said object in response to detecting said request is from a user; and 
a UCS of said user is a superset of an object community set (OCS) of said object," is 
disclosed by Miller at col. 4, lines 56-col. 5, line 20. However, the cited portion of Miller 
merely describes group security policies. More particularly, Miller discloses: 



"Security policies are concerned not only with which subject may obtain 
access to which objects, but also with the granting, revoking, and denying 
of authorizations to and from users and groups. Given the set of 
authorizations for users and groups, some rule must be applied for 
deriving authorization for subjects. 

In the general case, a user may belong to more than one group. In 
assigning privileges to subjects acting on behalf of a user, one can choose 
to: 

1. Have the subject operate with the union of privileges of all the groups to 
which the user belongs, as well as all his or her individual privileges; 

2. Have the subject operate with the privilege of only one group at a time; 

3. Allow the subject to choose whether to operate with its user's privileges 
or with the privileges of one of the groups to which its user belongs; and 

4. Implement some other policy. 

Note that even if a subject S is constrained to be associated with at most 
one group to which its associated user belongs, a user is still not 
constrained to operate with the authorizations of only one group at a time. 
For example, if user U belongs to a group G1 that is authorized for a 
relation or view R and U also belongs to another group G2 that has been 
specifically denied authorization for R, then U can still gain access to R by 
employing a subject whose associated group is G1, unless U has also been 
individually denied authorization for R. Thus, this choice of policy 
constrains subjects rather than users, and can be thought of as a form of 
least privilege." (Miller, col. 4, line 57 - col. 5, line 20). 

As may be seen from the above, Miller bases security policies on privileges of 
users and/or on combinations of privileges of the groups to which users belong. 
However, as argued above, Miller does not disclose maintaining a UCS or an OCS in a 
CIB. The attributes Miller stored are privileges, not community sets. Therefore, not only 
does Miller not disclose basing authorization on whether or not a UCS is a superset of an 
OCS, but it would not have been obvious to one of ordinary skill in the art at the time of 
the invention to base authorization on such a criterion, since the information needed to 
determine the necessary condition, a UCS and an OCS, is not stored in Miller's matrix. 
Instead Miller suggests that the privileges of users and groups are what is maintained and 
access authorization is determined by combining privileges of users and groups according 
to some set of rules. Accordingly, Applicant finds no teaching or suggestion in the cited 
art of "detecting said request is from a user; and a UCS of said user is a superset of an 
object community set (OCS) of said object," as is recited in claim 1. Moreover, since 
Miller's matrix does not include the concept of a community set, claim limitations 
directed toward an object community set or an application community set are also 
distinguished from the cited art. 

For at least these additional reasons, Applicant submits claim 1 is patentably 
distinct from the cited art. As each of independent claims 10, 18, and 26 includes similar 
features, each of these claims is patentably distinct for reasons similar to those of claim 1. 
Likewise, as each of dependent claims 2-6, 9, 11-15, 17, 19-23, 25, 27-31, and 34 
includes at least the features of the above independent claims upon which it depends, 
each of dependent claims 2-6, 9, 11-15, 17, 19-23, 25, 27-31, and 34 is believed 
patentable as well. 

CONCLUSION 



Applicant submits the application is in condition for allowance, and an early 
notice to that effect is requested. 



If any extensions of time (under 37 C.F.R. § 1.136) are necessary to prevent the 
above referenced application(s) from becoming abandoned, Applicant(s) hereby petition 
for such extensions. If any fees are due, the Commissioner is authorized to charge said 
fees to Meyertons, Hood, Kivlin, Kowert, & Goetzel, P.C. Deposit Account No. 
501505/5181-75800/RDR. 



Respectfully submitted, 



/ Rory D. Rankin / 

Rory D. Rankin 
Reg. No. 47,884 
Kowert, & Goetzel, P.C. 
P.O. Box 398 
Austin, TX 78767-0398 
Phone: (512) 853-8800 

Date: January 18, 2008 